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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

• If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S. C. § 1 33). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 28 April 2004 . 
2a)l3 This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1 935 CD. 1 1 , 453 O.G. 213. 
Disposition of Claims 

4) K Claim(s) 1-8 and 18-29 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) M Claim(s) 1-8 and 18-29 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

1 1) D The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

1 3) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 

a)DAII b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) D The translation of the foreign language provisional application has been received. 

15) Q Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 
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FINAL ACTION 

1 . This action is responsive to communications: Amendment, filed on 04/29/2004. This action has 
been made final. 

2. Claims 1-23 are presented for examination. In amendment B, filed on 04/29/2004: 
Claims 1, 18, 26-27 are amended. 

Claims 28-29 are new. 
Claims 9-17 are cancelled. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102(e) that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who has 
fulfilled the requirements of paragraphs (1 ), (2), and (4) of section 371 (c) of this title before the invention thereof by 
the applicant for patent. 

4. Claims 1-6, 8, 18-23, 25-29 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Powell, "LPRng-HOWTO". 

8. As per claims 1 and 18, Powell teaches a computer network including a server computer 
system attachable to a plurality of client computer systems, a method of authenticating at least one of a 
subset of the plurality of client computer systems and/or users thereof, the method comprising: 

an act of a server computer system receiving a request from a requesting client computer system, 
the request including an instruction identifying at least one authentication methodology that is to be used 
when authenticating a subset of client computer systems when the subset of client computer systems 
request service from the server computer system (pg 1, lines 10-11); 
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an act of the server computer system receiving a subsequent request, the subsequent request 
comprising a request from the subset of client computer systems for service from the server computer 
system (pg 2, lines 25-30); and 

an act of the server computer system, upon receiving the subsequent request authenticating the 
requesting subset of the client computer systems using at least one the authentication methodology 
identified in the instruction (pg 2, lines 25-30). 

9. As per claims 2 and 19, Powell teaches wherein the instruction includes at least an instruction 
to accept an assertion authentication method for use in authenticating the subset of client computer 
systems (pg 2, lines 34-35). 

10. As per claims 3 and 20, Powell teaches wherein the instruction includes at least an instruction 
to accept a basic HTTP authentication method for use in authenticating the subset of client computer 
systems (pg 2, lines 34-35). 

11. As per claims 4 and 2 1 Powell teaches wherein the instruction includes at least an instruction 
to accept a digest authentication method for use in authenticating thesubset of client computer systems 
(pg 2, lines 34-35). 

12. As per claims 5 and 22, Powell teaches wherein the instruction includes at least an 
instruction to accept an NTLM authentication method for use in authenticating the subset of client 
computer systems (pg 2, lines 34-35). 

13. As per claims 6 and 23, Powell teaches wherein the subset of client computer systems is a 
single client computer system (pg 2, lines 12-13). 

14. As per claims 8 and 25, Powell teaches a computer-readable medium having computer- 
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executable instructions for performing the acts recited in Claim 1 (pg 2, lines 18-24). 

15. As per claim 26, Powell teaches a computer-readable medium having stored thereon a data 
structure having a plurality of fields, the data structure comprising: 

a plurality of client identifier fields that each identify a client computer system that is_connected to a 
server computer system (pg 2, lines 41-42); and 

for each client computer system, the data structure further comprising at least one authentication field 
that identifies an authentication method to be used by the server computer system for authenticating the 
client computer system upon receiving a request from the client computer system for service, (pg 2, line 
18, line 32-33). 

16. As per claim 27, Powell teaches wherein each client identifier field identifies a single client 
computer system (pg 2, lines 41-42). 

17. As per claim 28, Powell teaches a computer readable medium as recited in claim 26, wherein the 
server computer system has access to the data structure prior to receiving the request from the client 
computer (pg 2, lines 1-10, lines 25-30). 

18. As per claim 29, Powell teaches a computer-readable medium as recited in claim 26, wherein the 
data structure is further configured to be altered upon being stored, so as to allow a client computer to use 
additional authentication methods (pg 2, lines 15-42). 

Claim Rejections - 35 USC § 103 

19. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such 
that the subject matter as a whole would have been obvious at the time the invention was made to a person having 
ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in 
which the invention was made. 

20. Claims 7 and 24 are rejected under 35 U.S.C. 103(a) as being unpatentable over Powell, US 
6,446,204 as applied to claims 1, 9 and 18 above. 

21 . As per claims 7 and 24, Powell does not teach wherein the request comprises a data structure 
that represents an extensible Markup Language (XML) element. However it would have been obvious to 
one of ordinary skill in this art at the time of invention to include XML element for use in client requests 
because doing so would improve the flexibility and versatility of Powell's system by utilizing flexible 
development of user-defined document types of XML. XML element would provide a robust, non- 
proprietary, persistent, and verifiable file format for the storage and transmission of text and data both on 
and off the Web; and it removes the more complex options of SGML, making it easier to program for. 



Conclusion 

22. Applicant's remarks filed 04/28/04 have been considered but are found not persuasive. 

23. In the remark, the Applicant argued in substance that Powell fails to disclose or suggest 
that server receives an initial client request that identifies an authentication methodology to use for 
authenticating a subset of client system, as well as receiving a subsequent request for service from a 
subset of client systems, by using the authentication methodology identified in the initial client request. 
In response to Applicant's argument, Powell does teach the above.limitations. 

Referring to pg 5, "16.6 lpd Server to Server Authentication" First it is well known in the art that a 
server is capable of handling multiple client requests, thus the first server received plurality of requests 
for service from a subset of the network which the first server is located, as is described on pg 2 of 
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Powell. Next, the first server is capable of sending multiple commands/jobs to a second server on behalf 
of the subset of clients. Therefore, the limitation of authenticating a subset of client system is taught by 
Powell in the above section. Next, referring to pg 2 of Powell, lines 15-42, during this section, Powell 
teaches the ability for any clients, which include any subset of clients in a network to choose among 
plurality of authentication methods, this means that the clients has the capability of choosing the same or 
different authentication methods as previous time. 

24. In the remark, the Applicant argued in substance that Powell fails to disclose or suggest a data 
structure having a plurality of client identifier fields that each identify a client computer system that is 
connected to a server computer system, and for each client computer system, the data structure further 
comprising at least one authentication field that identifies an authentication method to be used by the 
server computer system for authenticating the client computer system upon receiving a request from the 
client computer system for service, as claimed. 

In response to Applicant's arguments, Powell does teach the above limitations. 

Referring to page 2, lines 15-42, this section teaches the data structure which is capable of being used for 
by a typical computer system in the network. The Applicant should realize that this data structure can be 
re-used for all the computer systems that are clients, thus this section is only a sample of a particular 
computer system having the ability to choose their own authentication, and similar approaches can be 
carried out through the remainder of the network. Thus, in light of the above sections, Powell does teach 
Applicant's claim limitations. 

25. In the remark, the Applicant argued in substance, that Powell fails to disclose or suggest 
using the recited authentication methods (e.g. assertion, basic HTTP, digest authentication, NTLM). 
In response to Applicant's arguments, Powell does teach the above limitations. 

Referring to pg 7, "16.8 Using PGP for Authentication", PGP is a form of basic HTTP and digest 
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authentication, because a secret key is being used, and user name and password is present as well. 
Further, Kerberos is a form of NTLM, wherein the messages credentials are encrypted before sending to 
the next network node (pg 10, "Kerberos Installation Procedure", item #9). Finally, Examiner would like 
to point out that Powell suggest that additional authentication support is extremely simple to add (pg 1, 
Introduction). Thus, in conclusion, Powell does teach these authentication methodologies. 

THIS ACTION IS MADE FINAL. Applicant is reined of the extension of time policy as set 
forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 
1 .136(a) will be calculated from the mailing date of the advisory action. In no event, however 
will the statutory period for reply expire later than SIX MONTHS from the mailing date of this 
final action. 

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The 
following patents and publications are cited to further show the state of the art with respect to "Methods 
and systems for selecting methodology for authenticating computer systems on a per computer system or 
per user basis". 

i. US 6,170,057 Inoueetal. 



n. 



US 5,721,780 



Ensor et al. 



in. 



US 6,470,447 



Lambert et al. 



IV. 



US 6,278,449 



Sugiarto et al. 
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v. US 6,185, 612 Jensen etal 

vi. US 5,930,804 Yu et al. 

vii. US 5,909,503 Graves et al. 

viii. US 5,875,432 Sehr. 

ix. US 6,446,204 Pang et al. 

x. "SDSS Science Archives Security module API", Gyula P. Szokoly 1996. 

xi. "Sesame Authentication protocol" 

Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Chad Zhong whose telephone number is (703) 305-0718. The examiner can normally be 
reached on M-F 7am-4 :30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Meng-Ai An can be reached on 703-305-9678. The fax phone numbers for the organization where this 
application or proceeding is assigned are 703-746-7239 for regular communications and 703-746-7238 
for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is 703-305-3900. 




CZ 

May 13, 2004 

JOHN F0LLANSBEE 
SUPERVISOR? PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



